
Multiple tabs opening automatically in IE [Solved]


  • This topic is locked
24 replies to this topic

#1 molongriff

molongriff

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 18 September 2012 - 01:21 AM

I have Avast, Spywareblaster, Malwarebytes (free version) & Superantispyware (free version) & also MVPShosts on Windows XP.
On 2nd September Avast blocked something from downloading from a website into the computer.
Immediately afterwards, multiple tabs opened in IE and kept on uncontrollably.
I ran Malwarebytes & Avast quick scans - no problems, so I assumed this was OK.
I had no further problems until today. I had just ordered something online and was about to order something else, this time from Amazon, when IE opened multiple tabs again. I immediately suspected spyware so:
updated Spywareblaster,
updated and ran Malwarebytes,
updated Superantispyware,
updated Avast!,
ran Avast! quick scan in safe mode,
ran Superantispyware.
None of these found anything.
Could it be that IE got slightly corrupted 2 weeks ago when Avast! caught the malware? Or could it be that an infection got through? Or should I not worry about it? I'm concerned about my use of my credit card just before it happened.
I'd very much appreciate advice.

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ian Petrie at 7:16:16.29 on 18/09/2012
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.521 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ian Petrie\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///E:/Sarah/system/Bookmarks.html
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start [url="http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0ATgBWADIASABZAC0AMgBaAEMAVwBTAC0AQgBBAFkAVwBSAC0AQwBDAEwAWgBUAC0AVwBaAEgAVAAyAA"&"inst=NwA2AC0ANQAwADQAOAAxADUANQAzADgALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAFAATAArADkALQBOADEARAArADEALQBDAEkAQQA5ADAAKwAyAC0ARABEAFQAKwA1ADEANQAwADIALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBQADkAVQArADEALQBVADkANQArADEALQBUAEIAKwAxAC0AUAA5AFIAKwAxAC0AUAA5ADAAVABCACsAMgA"&"prod=92"&"ver=9.0.894"]http://www.avg.com/ww.special-uninstallati...uot;ver=9.0.894[/url]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ianpet~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - %WINDIR%\system32\ieframe.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-10 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-10 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-10 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-10 44808]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-10-30 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2010-10-30 1125376]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250568]
S3 cpuz132;cpuz132;\??\c:\docume~1\ianpet~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ianpet~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-17 40776]
.
=============== Created Last 30 ================
.
2012-09-17 16:15:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-05 17:05:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-09-05 17:04:46 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-05 17:04:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-05 17:04:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 10:58:26 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 10:58:26 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 7:17:06.59 ===============

#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 5,109 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 September 2012 - 04:28 AM

Hello molongriff and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly.

Meanwhile, can you send the Attach.txt log that was also generated when you ran DDS.

Also, if you ran it, can you tell me if Eset found any infections, as I see you have it on your computer.

Thanks

Satchfan

#3 molongriff


Posted 18 September 2012 - 06:49 AM

Hi Many thanks for offering to help me. I attach the attach file as requested. I haven't run Eset as I didn't know I had it.


#4 Satchfan


Posted 18 September 2012 - 07:47 AM

Hello again

I see no malware in your logs so this could just be an Internet Explorer problem but I’d like to see some more scans to be sure.

Run AVG removal tool

There are some remnants of AVG on your computer so please download and run AVG Removal Tool. You can get it from here.

===================================================

Run aswMBR
  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply
===================================================

Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • press "Scan".
  • it will create a log (FSS.txt) in the same directory the tool is run.
  • please copy and paste the log to your reply.
Logs to include in the next post:

aswMBR.txt
FSS.txt


Thanks

Satchfan
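
A first-pass triage over a DDS log like the one in post #1, as an added example that is not part of the thread or of the DDS tool. The function name `triage`, the rule set and the sample lines (mostly taken from that log, with a placeholder URL) are assumptions made for illustration; findings are prompts for manual review, not verdicts.

```python
import re

# Constructed sample in DDS log style. Most lines are taken from the log in
# post #1; the mRunOnce URL is a shortened placeholder, not the real value.
SAMPLE_DDS = r"""
mURLSearchHooks: H - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start hxxp://placeholder.invalid/uninstall-feedback
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-10 355632]
S3 cpuz132;cpuz132;\??\c:\docume~1\ianpet~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ianpet~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
"""

# "R1 name;display;path [date size]", or "[?]" when the file could not be read.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
# "mRun: [name] command" autostart entries (user, machine, default-user hives).
RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]+)\] (.+)$")
# "BHO: name: {clsid} - path", "Handler: name - {clsid} - path", "DPF: {clsid} - url".
CLSID_RE = re.compile(r"^(BHO|TB|Handler|SEH|DPF|IE): (.*?)\{[0-9A-Fa-f-]{36}\} -\s*(.*)$")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
SCRIPT_HOSTS = ("cmd.exe", "powershell", "wscript", "cscript", "mshta", "rundll32")

MISSING = "registered target is missing (No File)"
NO_PATH = "registration has no file path"
NOT_ON_DISK = "image file not found on disk"
IN_TEMP = "loads from a temp directory"
SHELL = "autostart runs a shell or script host"


def _exe_name(command):
    """Base name of the program a Run entry launches (quoted or bare path)."""
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(None, 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (section, name, reason) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, path, meta = m.groups()
            if meta == "?":
                findings.append(("service/driver", name, NOT_ON_DISK))
            if TEMP_RE.search(path):
                findings.append(("service/driver", name, IN_TEMP))
            continue
        kind, _, rest = line.partition(": ")
        if rest.endswith("No File"):
            findings.append((kind, rest[: -len("No File")].rstrip(" -"), MISSING))
            continue
        m = RUN_RE.match(line)
        if m:
            kind, name, command = m.groups()
            if _exe_name(command).startswith(SCRIPT_HOSTS):
                findings.append((kind, name, SHELL))
            if TEMP_RE.search(command):
                findings.append((kind, name, IN_TEMP))
            continue
        m = CLSID_RE.match(line)
        if m:
            kind, name, target = m.groups()
            name = name.strip(" :-") or "(unnamed)"
            if not target:
                findings.append((kind, name, NO_PATH))
            elif TEMP_RE.search(target):
                findings.append((kind, name, IN_TEMP))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_DDS):
        print(f"{section:16} {name:18} {reason}")
```
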

#5 molongriff


Posted 18 September 2012 - 02:56 PM

Satchfan I have run the AVG removal tool, aswMBR and Farbar Service scanner. The logs are below. Thanks for looking at these.

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 18:14:04
-----------------------------
18:14:04.625 OS Version: Windows 5.1.2600 Service Pack 3
18:14:04.625 Number of processors: 1 586 0x102
18:14:04.625 ComputerName: TINY UserName:
18:14:06.609 Initialize success
18:14:08.015 AVAST engine defs: 12091700
18:14:30.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:14:30.921 Disk 0 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
18:14:30.921 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
18:14:30.921 Disk 1 Vendor: SAMSUNG_SV4002H QP100-07 Size: 38204MB BusType: 3
18:14:30.953 Disk 0 MBR read successfully
18:14:30.953 Disk 0 MBR scan
18:14:30.968 Disk 0 Windows XP default MBR code
18:14:30.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 58635 MB offset 63
18:14:30.984 Disk 0 scanning sectors +120085875
18:14:31.062 Disk 0 scanning C:\WINDOWS\system32\drivers
18:14:48.812 Service scanning
18:15:12.062 Modules scanning
18:15:23.281 Disk 0 trace - called modules:
18:15:23.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:15:23.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f95ab8]
18:15:23.828 3 CLASSPNP.SYS[f770ffd7] -> nt!IofCallDriver -> \Device\00000065[0x85f91f18]
18:15:23.843 5 ACPI.sys[f7686620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85f94d98]
18:15:24.265 AVAST engine scan C:\WINDOWS
18:15:41.718 AVAST engine scan C:\WINDOWS\system32
18:19:10.484 AVAST engine scan C:\WINDOWS\system32\drivers
18:19:28.953 AVAST engine scan C:\Documents and Settings\Ian Petrie
19:01:29.562 AVAST engine scan C:\Documents and Settings\All Users
19:02:11.187 Scan finished successfully
19:08:16.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ian Petrie\Desktop\MBR.dat"
19:08:16.250 The log file has been saved successfully to "C:\Documents and Settings\Ian Petrie\Desktop\aswMBR.txt"

FSS.txt

Farbar Service Scanner Version: 06-08-2012
Ran by Ian Petrie (administrator) on 18-09-2012 at 21:46:50
Running from "C:\Documents and Settings\Ian Petrie\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) aswTdi(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0D00000005000000010000000200000003000000040000000B0000005A00000056000000060000 000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#6 Satchfan


Posted 19 September 2012 - 02:09 AM

I still see nothing suspicious

You could set IE to its default state. Sometimes these things are related to the page you’re visiting but common problems are also corrupt toolbars and plugins. Resetting IE will fix that.

Reset Internet Explorer settings to default
  • click the Tools menu, and then select Internet Options
  • click on the Advanced tab to the far right and at the bottom of the window, click Reset
  • when another dialog box opens up, click Reset
  • when IE is finished restoring to the default settings, click Close and then OK
  • close any browsers you have had open and restart IE
Everything should now be reset to the default.

==================================

Let’s also clear your temporary files.

Clear all your temporary files

Download ATF Cleaner
  • double-click ATF-Cleaner.exe (on your desktop) to run the program.
  • under Main choose: Select All
  • click the Empty Selected button.
If you use Firefox browser
  • click Firefox at the top and choose: Select All
  • click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • click Opera at the top and choose: Select All
  • click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu

NOTE: The last update came out before Chrome and the developer of ATF Cleaner hasn't updated it to deal with Chrome yet.

Google Chrome includes its own “Clear Browsing Data” tool that performs the same functions as ATF Cleaner. It clears browsing history, download history, empties Chrome’s cache, deletes cookies and removes all saved autofill entries and passwords.

You can toggle each of these options and select the date range of data you want to remove.
You can access the tool by clicking on the wrench menu in Chrome, and choose Tools, Clear Browsing Data.

==================================

Internet Explorer 9

If the problem persists, you might want to try an upgrade to Internet Explorer 9. IE9 has many new and improved features and is now probably more secure than others.

Go here to download IE9

When you’ve done this, let me know if the problem is still there.

Satchfan

#7 molongriff


Posted 19 September 2012 - 01:35 PM

Hi Satchfan I have now reset IE to its default settings and run ATF cleaner. (I also kept a note of all the previous IE settings just in case I needed to change any of them back to what they were before.) I can't tell if the problem is still there because it was intermittent, but what I can say is that IE is now unbelievably much faster than it was before. I hadn't realised how sluggish it had become. So the cleanup was very well worth doing anyway. I am optimistic that this has sorted the problem because IE is now running so much better. Would it be a good idea for me to keep ATF cleaner on the desktop and use it regularly instead of the Windows Disk Cleanup? Or does ATF Cleaner do something different? Many thanks for your help.

#8 Satchfan


Posted 19 September 2012 - 03:41 PM

I’m pleased that all is running better but before we tidy up I’d like you to run one more check.

Run Security Check

Download Security Check by screen317 from here or here.
  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.
Satchfan

#9 molongriff


Posted 19 September 2012 - 03:59 PM

Here's the result of the Security Check that is in the file checkup.txt:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 4.6
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.0.3
Java™ 6 Update 29
Java 7 Update 7
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

#10 Satchfan


Posted 19 September 2012 - 04:36 PM

It looks as if your computer is clean – just a few clean-up and security bits to attend to.

You can delete the programs and files we have used from your desktop.

Create a Restore Point
  • click Start, Run
  • copy and paste the following:

    %SystemRoot%\System32\restore\rstrui.exe

  • press OK
  • choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create
  • when the confirmation screen shows that the restore point has been created, click Close.
Remove old restore points
  • go to Start, Programs, Accessories, System tools, Disk Cleanup
  • when the Disk Cleanup dialog box appears, click OK
  • when it finishes running, a box with tabs will appear, select the "More options" tab
  • on this tab you will find a section for System Restore
  • if you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
===================================================

Uninstall an old version of Java

Old versions are security vulnerabilities and can compromise your system.

Remove Java™ 6 Update 29

To remove it:
  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs (it may take time for the list to appear, so be patient)
  • scroll down the list and find Java™ 6 Update 29
  • click on it and then on Remove.
===================================================

Firewall

You're using the Windows Firewall which is not adequate protection. The main reason you should use a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop outgoing signals (possibly ones that could intrude on your privacy) from sending information to the Internet or to other networks. That means if malware happens to compromise your PC again, it will be able to SEND OUT your credit card data and any other personal information.

I suggest you install a more robust third party firewall that filters both incoming and outgoing traffic.

Download and install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition:
Comodo Personal Firewall:

NOTE: only install one firewall. Having more than one could cause many programs to stop working altogether. Also, the firewalls may get in each other's way and cause some security holes that would not be there with just one firewall.

When you have done that:

Disable Windows firewall:
  • Click on Start, Settings and then Control Panel
  • click on the Security Center icon.
  • click on the Windows Firewall icon
  • click Off (not recommended) and then click OK.
You should take the time to read Understanding and Using Firewalls

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

================

Would it be a good idea for me to keep ATF cleaner on the desktop and use it regularly

I would suggest ATF rather than Windows Disk Cleanup as ATF clears files that may contain malware – Windows is more interested in reclaiming space.

===========================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

#11 molongriff


Posted 20 September 2012 - 02:47 PM

Hi Satchfan Thank you for all these recommendations. However, please could you keep this log open longer as I haven't yet been able to do any of the things you recommended. First I was away from home, and then about 1.5 hours ago I put the computer on and wanted to remove an external hard drive before doing all those things you suggested. But "Safely Remove hardware" came up with a message telling me it was still in use by a programme. The usual answer to this seems to be to reboot and try again, but when I did so the computer started a Windows update. Ever since then it has been alternating the message "Do not turn off or unplug your computer; it will turn off automatically" & "Installing update 1 of 1" So I cannot do anything with the computer unless I disobey the instruction not to turn it off. Needless to say, I am using another computer to send this. I know this is probably off topic, but can you advise me about this? It has been going on for nearly 2 hours now.

#12 molongriff


Posted 21 September 2012 - 12:30 AM

I had to just power off the computer as I have to go out. It seems to be OK (I am using it now) but I won't get the chance to try all those things until this evening. I'm in the UK so that's about 12 hours from now. I'll let you know how I get on.

#13 Satchfan


Posted 21 September 2012 - 12:34 AM

I'm in the UK also, so that's not a problem.

#14 molongriff


Posted 21 September 2012 - 02:29 PM

Many thanks for all this. There are a whole lot of really good ideas here and I have been working through them. I particularly like FileHippo, though it will take me a while to work through all the updates it lists!

I had just a couple of problems.

When I tried to uninstall Java 6 Update 29 I got the following error messages and this version of Java was not removed:
"Internal error 2753. regutils.dll"
"Fatal error during installation"
How should I proceed with this?

I see that I also have Java 6 Update 22. Shouldn't I remove that as well? I presume I should keep Java 7 Update 7 and Java FX 2.0.3. I had already disabled Java in IE as a precaution against recent problems with Java.

I decided to go for the Comodo firewall, but when I started to install it, it gave me some options I wasn't sure about:

Should I take the option to change my DNS settings to Comodo SecureDNS servers? It's unchecked so I'm not sure about it. Could this cause a problem if I ever want to change to a different firewall? I'm a bit wary of tampering with anything to do with my internet connection as it seemed to be rather complicated to set up and I'm afraid of losing it altogether or having to go through the whole setup process again.

Enabling cloud based behaviour analysis is already checked so can I assume that's a good choice?

I wasn't clear if the free version of Comodo includes an antivirus. I already have Avast!

I now seem to have a problem with stylesheets on the whatthetech forum. The web page appears correctly initially, and then it looks like the stylesheet stops working. This also happened on Yahoo. It could just be a problem with these sites though, and not my computer.

#15 Satchfan


Posted 22 September 2012 - 02:41 AM

For the Java problem try this:

Download JavaMSIFix.exe

Close your browser and other programs... and double click on JavaMSIFix.exe to run it. After it has completed... reboot your computer and then double click on the Java installer that you downloaded earlier.

=================================

I see that I also have Java 6 Update 22. Shouldn't I remove that as well?

That didn’t appear as an installed program but as it is an old version, yes it should be removed.

=================================

Should I take the option to change my DNS settings to Comodo SecureDNS servers?

It is your choice. I don’t use Comodo and am no expert; you can go here for more information on it. It also includes information on how to change your settings back as they were if you change your mind.

=================================

I wasn't clear if the free version of Comodo includes an antivirus. I already have Avast!

It is only a firewall; not an antivirus.

Let me know how the Java issue goes.


